This section is intended to provide a background or context to the invention that is recited in the claims. The description herein may include concepts not known to the relevant art prior to the present invention. Therefore, unless otherwise indicated herein, what is described in this section is not prior art to the description and claims in this application and is not admitted to be prior art by inclusion in this section.
In mobile communications systems “handoff” or “handover” refers to user equipment changing from a source base station to a target base station. There are different types of handovers: The user equipment may change to another radio cell, another base station, another core network, or even another radio technology. There are certain security issues related to arranging mobility related control signalling.
In certain mobility situations, mobile device related information, also referred to as user equipment context information, needs to be requested by a handover target network element from a source network element. In the Universal Mobile Telecommunications System (UMTS) including a Universal Terrestrial Radio Access Network (UTRAN), a packet switched network temporary mobile station identifier (P-TMSI) signature is used to authorize the transfer of user equipment context information between network entities of a single system or between network entities of different systems when a serving General Packet Radio Service (GPRS) support node (SGSN) changes. Thus, the old SGSN can verify that the context transfer request from the new SGSN is valid and relates to the corresponding user equipment.
However, in the evolved 3GPP system, also referred to as the long-term evolution (LTE) of the UMTS UTRAN or the 3.9G, where the radio access network is referred to as Evolved UTRAN (E-UTRAN), the P-TMSI signature is not expected to be used. Instead, non-access stratum (NAS)-level security association and corresponding keys and COUNT values are managed during the IDLE mode, and all NAS-level signaling is authenticated (by integrity protection) with the NAS keys. Therefore, during inter-Mobility Management Entity (MME) mobility, the old MME authenticates the context transfer request and mobility signaling based on a NAS message authentication code (MAC).
To arrange handover between a legacy 3GPP UTRAN and the E-UTRAN, it has been proposed to use a NAS token generated on the basis of NAS keys and a sequence number for arranging authentication of a context transfer request from an SGSN of the legacy 3GPP system. The NAS token freshness must be guaranteed. However, the use of the sequence number provides NAS token freshness only as long as NAS messages are exchanged between two consecutive E-UTRAN to UTRAN idle handovers. An attacker could replay the NAS token under some other SGSN before any new E-UTRAN level NAS messages are sent from the user equipment to the MME.